Cloud Direct Enterprise Mobility and Security (EMS)

Empower your employees to work on their favourite devices and apps, while you maintain control over who has access to your business resources and over which devices – with peace of mind that your business data is protected at all times.

Features

Protects at the user, device, application and data level

Access thousands of applications using the same credentials

Role based access control

Device and application management including remote wipe

Proactive monitoring of devices; keeps business and personal data separate

User support

User support

Email or online ticketing support

Email or online ticketing

Support response times

Core Customer Support working hours; 8am-6pm Monday to Friday, excluding Bank holidays. Support issues classified as critical are supported 24x7x365. Dependant on issue classification - see our Service Definition. Initial Response times are between one hour and one working day.

User can manage status and priority of support tickets

Yes

Online ticketing support accessibility

None or don’t know

Phone support

Yes

Phone support availability

24 hours, 7 days a week

Web chat support

Web chat

Web chat support availability

9 to 5 (UK time), Monday to Friday

Web chat support accessibility standard

None or don’t know

How the web chat support is accessible

Unknown.

Web chat accessibility testing

We haven't directly performed any testing.

Onsite support

Yes, at extra cost

Support levels

We provide break/fix support as standard, 24/7 with critical case support out of hours.

For each case you'll be given a named contact.

Support available to third parties

Yes

Onboarding and offboarding

Onboarding and offboarding

Getting started

We have a knowledge base where customers can access help articles. If we were to deploy the service (a Scope of Work would be agreed) which may offer some training.

Service documentation

Yes

Documentation formats

HTML

End-of-contract data extraction

The customer can either migrate their account to another provider at which point we would lose all access. If the customer left and cancelled the service the data would be securely destroyed.

End-of-contract process

No cancellation fees to cancel the service. Service will remain in place until the agreed cancellation date.

Using the service

Using the service

Web browser interface

Yes

Supported browsers

Internet Explorer 10

Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari 9+

Application to install

Yes

Compatible operating systems

Android

IOS

MacOS

Windows

Windows Phone

Designed for use on mobile devices

Yes

Differences between the mobile and desktop service

The service offers device management.

Accessibility standards

None or don’t know

Description of accessibility

Unknown.

Accessibility testing

We haven't completed any testing directly

API

No

Customisation available

Yes

Description of customisation

Customers can configure the service to perform single or same sign-on, can setup device management settings, can setup information protection settings and setup Cloud App Security.

Scaling

Scaling

Independence of resources

Microsoft monitor the EMS service to ensure there are enough resources available to provide a good service to all users.

Analytics

Analytics

Service usage metrics

Yes

Metrics types

The service provides some analysis of usage, devices, information access, applications used within the business and potential threats.

Reporting types

Real-time dashboards

Resellers

Resellers

Supplier type

Reseller providing extra support

Organisation whose services are being resold

Microsoft

Staff security

Staff security

Staff security clearance

Other security clearance

Government security clearance

Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection

Knowledge of data storage and processing locations

Yes

Data storage and processing locations

United Kingdom

User control over data storage and processing locations

No

Datacentre security standards

Managed by a third party

Penetration testing frequency

At least once a year

Penetration testing approach

In-house

Protecting data at rest

Physical access control, complying with another standard

Encryption of all physical media

Data sanitisation process

Yes

Data sanitisation type

Deleted data can’t be directly accessed

Equipment disposal approach

A third-party destruction service

Data importing and exporting

Data importing and exporting

Data export approach

Users can export data as CSV files.

Data export formats

CSV

Data import formats

CSV

Data-in-transit protection

Data-in-transit protection

Data protection between buyer and supplier networks

TLS (version 1.2 or above)

Data protection within supplier network

TLS (version 1.2 or above)

Availability and resilience

Availability and resilience

Guaranteed availability

The service is guaranteed to be available at least 99.9% within a month apart from in certain scenarios as described in the Service Description. Based on the level of downtime, a customer can get a maximum of 30% back across all affected licences.

Approach to resilience

The data and service is based out of two data centres to provide fail over should one become unavailable.

Outage reporting

Service health is displayed in the Office 365 Admin portal.

Identity and authentication

Identity and authentication

User authentication needed

Yes

User authentication

2-factor authentication

Username or password

Access restrictions in management interfaces and support channels

The customer decides what users have which permissions; in many instances this relates to whether they're a user or have admin privileges. For support purposes, any one from a customer can raise a support issue but only account details are discussed with nominated contacts. For our employees we operate a strict access control policy where only necessary employees have access to customer systems. This is reviewed periodically and we monitor usage to make sure it isn't abused.

Access restriction testing frequency

At least once a year

Management access authentication

Username or password

Audit information for users

Audit information for users

Access to user activity audit information

Users have access to real-time audit information

How long user audit data is stored for

Between 1 month and 6 months

Access to supplier activity audit information

Users have access to real-time audit information

How long supplier audit data is stored for

Between 1 month and 6 months

How long system logs are stored for

Between 1 month and 6 months

Standards and certifications

Standards and certifications

ISO/IEC 27001 certification

Yes

Who accredited the ISO/IEC 27001

BSI

ISO/IEC 27001 accreditation date

Active

What the ISO/IEC 27001 doesn’t cover

Not applicable

ISO 28000:2007 certification

No

CSA STAR certification

Yes

CSA STAR accreditation date

Active

CSA STAR certification level

Level 3: CSA STAR Certification

What the CSA STAR doesn’t cover

Not applicable

PCI certification

No

Other security certifications

Yes

Any other security certifications

ISO 22301 - Intune, Cloud App Security and Azure

ISO 27018 - Intune, Cloud App Security and Azure

Security governance

Security governance

Named board-level person responsible for service security

Yes

Security governance certified

Yes

Security governance standards

ISO/IEC 27001

Information security policies and processes

Cloud Direct have several policies around information security including vendor management, problem management, risk management, access control and information control. Every policy and process has an owner who is responsible to ensure it's followed as well as line-managers within the business. We have also built processes into our systems to help with adherence. Any time a process isn't followed a non-conformance is raised and investigated.

Operational security

Operational security

Configuration and change management standard

Supplier-defined controls

Configuration and change management approach

Cloud Direct hold ISO 27001 (Security) certification and follow annually audited processes for the management of change within the service. Changes to the service are classified as either pre-defined change , i.e. changes that are documented as a standard procedure for example, adding in a new replication instance or authorisation change which must be approved. All authorisation changes are reviewed by our change board before being allowed to proceed. Full documentation of these changes are retained within our service management system.

Vulnerability management is covered under our ISO 27001 certification in conjunction with our Tier 1 Cloud Solutions Partnership with Microsoft. Microsoft are responsible for the management of vulnerabilities and service patching.

Microsoft provides an extensive monitoring and protective service for the Cloud platform. This includes an extensive defence system against Distributed Denial-of-Service (DDoS) attacks. It uses industry standard detection and mitigation techniques. Microsoft Cloud meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.

Incident management type

Supplier-defined controls

Incident management approach

Cloud Direct holds a ISO20000 certification for service management. This is an independent audit of a business’ ability to delivery consistently high-quality IT services. Cloud Direct bases its processes on ITIL® - a comprehensive set of best practices for IT Service Management. The ethos behind ITIL is the recognition that organisations are increasingly dependent on IT in order to meet business needs. This leads to an increased requirement for high quality IT services. All incident management processes are documented and audited in line with this certification.

Secure development

Secure development

Approach to secure software development best practice

Supplier-defined process

Public sector networks

Public sector networks

Connection to public sector networks

No

Pricing

Pricing

Price

£0.20 to £11.20 per user per month

Discount for educational organisations

Yes

Free trial available

Yes

Description of free trial

Trials are available for 30 days.Depending on your trial aims, trialling the service may not be the most practical way to experience Office 365 so we can provide demonstrations to meet your needs.